Banking trojan QakBot returns with upgraded tricks to steal money

QakBot is a banking trojan that has returned to the picture with new upgraded money stealing tricks.

The trojan is targeting bank account credentials and other financial information from government, military, and manufacturing sectors in the US and Europe, according to new research.

Hackers infect victims using phishing techniques to lure their targets to websites that use exploits to inject Qakbot via a dropper. The first step begins with a specially crafted phishing email containing an attached ZIP file or a link to a ZIP file that includes a malicious Visual Basic Script (VBS).

The attack then proceeds to download additional payloads responsible for maintaining a proper communication channel with an hacker-operated server and executing the commands received from it.

The phishing emails sent to the targeted organizations generally include COVID-19 lures, tax payment reminders, and job recruitments. The email not only includes malicious content but is also inserted with archived email threads between the two parties to add credibility.

Aside from packing components for grabbing passwords, browser cookies, and injecting JavaScript code on banking websites, the Qbot operators released as many as 15 versions of the malware since the start of the year, with the last known version released on August 7.

NPAV recommends users to stay alert and keep your guard up against phishing emails. These emails are the most common method used by hackers to infect targeted systems and steal from them.

Install NPAV on your devices to protect them from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.